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ABSTRACT 


A widely used access control mechanism is the password. 
Passwords are normally composed of a meaningful detail, such 
as a name of a person or a sequence of numbers such as a 
oirthdate. Any person attempting to gain unauthorized 
access to a system might need only to look at a personnel 
record or associate with the person holding the desired 
password in order to discover the password. Therefore, 
there is a compromise between user memorability and security 
of a system. Exploration into other methods of user authen¬ 
tication and access control is desired to discover a better 
alternative to the traditional password system. The 
alternatives are system-generated passwords, pronounceable 
passwords, passphrases, cognitive passwords and authentica¬ 
tion by word association. These methods are discussed and 
examined. The results from this study show that cognitive 
passwords and authentication by word association are 
superior to other methods in access control. 
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I. INTRODUCTION 


A. COMPUTER SECURITY OVERVIEW 

1. The Need for an Effective Authentication Method 
The dependence of organizations upon computer 
systems necessitates the development of an authentication 
technology that provides security (Spender, 1987). 

Generally, the value of a system's access control is not 
given much thought until a major damage or loss occurs. 
Computer security policies are best established before, not 
after, an intrusion happens (Hoffer and Straub, 1989). 

The growth of computer crime also necessitates 
improved authentication and security methods. In 1979, 
computer crime losses in corporations were estimated to be 
$100 million a year (Denning, 1979). By 1989, the figure 
had reached $500 million annually for 72 of the Fortune 500 
companies (Hoffer and Straub, 1989). These numbers do not 
include all computer crimes that actually had taken place. 
Many went unreported for various reasons. Some are yet 
undiscovered. Companies feel that reporting the loss or 
damage would alert possible perpetrators to their inadequate 
security measures (Hoffer and Straub, 1989). 

* Computer crimes are not limited to pilfering company 
assets. There are many ways to commit criminal acts: 

1. Damaging the computer center physically so that the 
hardware is no longer usable. 
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2. Using the computer system to modify, manipulate or 
delete computer software, resulting in monetary or 
strategic gain for the individual. 

3. Using a computer to aid in the execution of a crime 
(e.g., programs designed to assist in infiltrating 
another system or other programs that produce forged 
statements to encourage investment in an individual's 
company). 

4. Preying on people's ignorance to convince them to 
invest in ci computer described as having programming 
or capabilities that do not exist. (Parker, 1984) 

Also, computer crime is not always done for 
financial gain. Many "hackers" feel challenged to prove 
that no computer system is secure. While they may just 
play pranks once they have gained access, this access 
results in lost CPU and user time (Wood, 1983). 

Finally, computer viruses introduced into computer 
systems and networks of computer systems can create many 
different problems. They can cause an operating system to 
"lock up" the computer system. They can attach themselves 
to programs and cause massive deletion of data. Viruses are 
insidious because they do not have to occur right away; they 
can lie dormant and be triggered later by such things as a 
system clock (Hoffer and Straub, 1989). 

Since computers are becoming necessary to business, 
computer crime can only be expected to increase. Losses may 
be expected to increase because more costly data and 
information will continue to be entrusted to the computer. 
Finally, computers can be expected to be used more for 
illegal purposes—bookmaking, fraud and various other scams 
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(Parker, 1984). One of the best ways to counteract this 
barrage of crime will be to establish an increased awareness 
of computer security. 

Computer security uses the technology, procedures, 
techniques and policies to guarantee the safety of not only 
the computer systems, but also the information stored within 
them. Security also involves limiting access to authorized 
users only (Ware, 1984). Each organization must evaluate 
what steps they need to take to make their system secure. 
Some computers are highly complex and need more elaborate 
security models to protect them whereas a home microcomputer 
will not need such intricacy to make it secure. Unless each 
organization establishes policies concerning computer 
security, it is difficult to determine if that system is 
secure for th a+- company (Landwehr, 1981) . 

2. The Different Phases of Computer Security 

There are many ways to approach computer security. 
First, external measures can be taken. Examples of such 
methods are making physical access to computer terminals 
difficult by use of guards, locks or some type of token 
(Ahituv et al., 1987). Second, access control is used to 
prevent unwarranted intrusions. Access control ensures that 
unauthorized people do not gain entry into a system, as well 
as preventing an authorized user from performing a function 
inside the system that is not allowed (Wood, 1983). 

Finally, there are internal controls to prevent illegal 
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tampering with data. These controls are designed to prevent 
users from accessing segments of memory to which they are 
not authorized. While access control is one method to 
provide internal security and control, there are other 
specific methods that can be used in conjunction with access 
controls to thwart the intended intruder (Denning and 
Denning, 1979). 

This thesis focuses on an examination of various 
user authentication methods for improving computer security. 
It discusses and evaluates system generated passwords, 
pronounceable passwords, passphrases, cognitive passwords 
and authentication by word association as alternatives to 
the accepted traditional password system. A comparison of 
these authentication methods will show which method best 
balances the need to have a password system that is 
difficult for an unauthorized user to penetrate, yet is easy 
to use and remember for the legitimate user. 
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II. ROLE OF PASSWORDS AS AN AUTHENTICATION MECHANISM 


A. PURPOSE OF PASSWORDS 

A facet of computer security is ensuring proper user 
authentication. Password systems are the most commonly used 
authentication method. Those trusted with creating an 
• effective password system view it as building a protective 
wall around an important physical asset. When a correct 
user identification and associated password are presented, 
the authorized user essentially passes over this logical 
fence to gain access to the computer system (Wood, 1987). 

As such, a password system is normally one of the first 
security measures used to deter unauthorized access to a 
computer system. Sometimes it may be the only method to 
stop illegal access. Therefore, it is important that this 
line of defense be as formidable as possible (Wood, 1983). 

B. PASSWORD CHARACTERISTICS 

A password is a combination of letters, numbers, special 
symbols or control characters that is used to verify that an 
authorized user is accessing the computer system (Wood, 

1983). A password system could also be a longer string of 
such elements or a series of queries-and-responses in which 
each response was treated as an individual password. In 
order to make a system secure, there are several 
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characteristics that a password system should have. They 
are: 

1. Ease of memorability . Passwords should not be written 
down. 

2. Difficulty in guessing . This difficulty prevents 
discovery by an intruder. A password should not be 
associated with its user. 

3. Ease of entry . They should not require a great deal 
of keyboard manipulation or expertise to enter the 
correct password. 

4. Non-reusable . For instance, when a user changes his 
password, he should not be allowed to reuse a password 
he was assigned previously. 

5. Non-susceptibilitv to spoofing . The password system 
should not be susceptible to a phony software program 
where the user is led to believe that he is logging 
in, when in reality a program simulating the login 
procedure is copying his password and user id. This 
form of spoofing is known as the Trojan horse. 

6. Tested . A password system should be thoroughly 
evaluated and, once accepted, should be easy to 
implement. 

7. Inexpensive . Password systems are generally an 
inexpensive way to provide protection, so the costs 
should not be prohibitive to install a given system. 
(Ahituv et al., 1987) 

By far the greatest challenge in establishing an 
effective password system is to construct a system that has 
the first two characteristics—easy to remember, yet diffi¬ 
cult to guess. Usually, some tradeoff is made concerning 
these two characteristics. On one erd of the spectrum, 
passwords can be made easy to remember. A user chooses a 
password that relates to him—a person, place or object. 

Such a choice makes it easy for someone else to guess the 
password within a few attempts (Barton and Barton, 1984). 


6 








However, as a password is made more complex, i.e., unrelated 
to the user, through the use of random characters for 
example, it is more difficult for the user to remember. As 
a result, compromise may occur because a user writes it down 
(Spender, 1987). Similarly, if an extended query-and- 
response routine is used, it may become tiring to the user, 
making it unpopular (Wood, 1983). It appears that with any 
password system some tradeoff must be made between these two 
characteristics. 

C. TRADITIONAL PASSWORD SYSTEMS 

In order to establish a metric on which to base 
alternative password systems, the traditional password 
system will be analyzed. Since this system is the most 
commonly used in existing operating systems it will serve as 
a benchmark on which to base alternative password methods. 

In this system a user is given a user identification 
(userid) and is instructed to select a password that will 
allow him access to the computer system. Normally a user is 
not restricted in any way in choosing this password; 
therefore, he generally picks a password because it is 
meaningful to him. In order to make this system secure, the 
password should be at least six characters in length. This 
should, prevent an intruder from using "brute force" 
methods—trying all possible combinations, of say, four 
characters—to get access to the computer system (Wood, 

1983) . Also, studies have shown that people can readily 
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remember expressions up to only seven characters in length 
(Miller, 1956). For ease of memory and use, a user 
frequently will choose a password that is either a familiar 
name or a word found in the dictionary. This choice, of 
course, plays into the hand of an intruder as this reduces 
the possible combinations drastically. If, however, a 
password of more than six random characters is chosen, then 
it is more secure although not as acceptable to the user 
(Wood, 1983). An organization should establish a policy 
that strikes a balance between user-friendliness and 
susceptibility to compromise (Wood, 1983). After a password 
is chosen, the user will be required to use it every time he 
desires to log on to the system. Therefore, an important 
part of the security plan is that the password is changed 
after a period of time to avoid compromise. An intruder may 
discover a userid and simply try various guesses before 
hitting upon the matching password. Once again it is up to 
the organization to set policy as to how long a time period 
should be before the password is changed. In addition to 
changing the password, it is important that old passwords 
not be reused. For instance, a user must not use one 
password for a month, then switch to his other password, 
alternating between two passwords. If care is taken in 
selecting the password then the password system will be more 
effective at thwarting an unauthorized user (Wood, 1983) . 
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An important element of this system, as with any other 
password system, is user education. People must be led to 
understand the importance of a password system and the steps 
to follow to ensure that the password chosen keeps the 
system secure. If the users do not believe in or understand 
the password system then it will become useless and 
ineffective (Wood, 1983). 

Unfortunately, there are disadvantages to the 
traditional password system. They are: 

1. If users decide to make the password as secure as 
possible—completely random—they tend to write it 
down so as not to forget it. By doing so they are 
leaving it open to compromise. 

2. The user does not put effort into selecting a 
password, choosing a familiar name or trivial 
association, making it easy for an intruder to figure 
out. 

3. Even if a "good" password is chosen, the user may key 
it in slowly or allow someone to watch as he keys it 
in, the password can be compromised. 

4. This password system can be infiltrated by a 
sophisticated intruder through the operating system. 
Such an intruder can either find the password table 
and decipher it or use a spoofing technique to capture 
the password. (Ahituv et al., 1987) 

The way to solve these problems is through better encryption 

techniques within the operating system and better user 

education. Is this the best method available? Or, is there 

a better alternative? Many such methods have been suggested 

and a description of several of these are provided in the 

next chapter. 


9 






III. ALTERNATIVE PASSWORD METHODS 


While this chapter is not an exhaustive list of password 
system alternatives, the different alternatives presented 
are representative of various authentication methods. The 
first three methods presented are basically a modification 
of the traditional password system. Then a discussion 
follows on cognitive passwords and authentication by word 
association, new authentication approaches, not as closely 
linked to the traditional password system. 

A. SYSTEM-GENERATED PASSWORDS 

In the traditional password system, the user selected 
his own password, which was usually connected to his 
biography and therefore, guessable by outsiders. With a 
system-generated password, a system security administrator 
controls the selection of the password (Menkus, 1988). 

Within this method, it is common that a program creates 
passwords for users. Normally, a pseudo-random number 
generator arbitrarily creates a string of alphanumeric 
characters as the password (Menkus, 1988). 

The system security administrator is responsible not 
only for selection of the passwords, but he must also ensure 
the proper distribution and use of the passwords. He is 
responsible for ensuring that passwords are changed 
frequently and that expired passwords are disposed of 


10 






properly and are not reused (Menkus, 1988). Depending upon 
the frequency of change, he may also need to change his 
generation program if it appears a pattern is developing 
among the passwords being created. In this method, the 
system security administrator is vital to ensuring for an 
effective authentication system (Menkus, 1988). 

As discussed earlier, passwords should be chosen so thay 
are difficult to guess or figure out. The advantage of the 
system-generated method is that it makes it more difficult 
for an intruder to penetrate it than is possible with the 
traditional password method (Panns and Herschberg, 1987). 
However, it will be more difficult for the user to remember 
since there is no meaningful relation to the user (Menkus, 
1988). As a result, the high degree of complexity may cause 
the user to write down or even forget the password, thus 
failing to provide secure access control (Spender, 1987). 
Also, this method may result in friction between the user 
and the administrator's need to meet security requirements. 

A consequence may be that users will rebel in order to gain 
a system that is easier to use and remember (Panns and 
Herschberg, 1987). 

B. PRONOUNCEABLE PASSWORDS 

Pronounceable passwords consist of a string of 
alphanumeric characters that do not spell a word but rather, 
when pronounced or seen by a user, form a memorable string 
of characters. For instance, the word "operation" could be 
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made a pronounceable password by changing it to "operSion.” 
Similarly, the famous Shakespearean quotation, "to be or not 
to be" changes to ,, 2BORNOT2B ,, (Barton, 1984) . These 
passwords can be either user-generated or system-generated. 
However, normally they are system-generated. As such, the 
administration of this password method would be the same as 
described in the system-generated password system. 

The advantage of this method is that the password is not 
likely to be connected to the user’s lifestyle. Also, since 
it is not as complex as a system-generated password, it 
should be easier to remember. However, because it is 
pronounceable does not mean it will be easy to remember, so 
some problems may still exist (Panns and Herschberg, 1987). 
Because users may be involved in the selection process, 
pronounceable passwords do not have to be system-generated. 
Also, there may not be as much user hostility toward this 
method as there is toward a system-generated authentication 
system. 

C. PASSPHRASES 

A variation of the traditional password system is the 
extended password or passphrase. Because it becomes more 
difficult to guess or find out a password as its length 
increases, the passphrase was designed to form a compromise 
between ease of memorability and difficulty in figuring out. 
The longer, extended password of 30 to 80 characters becomes 
difficult to guess (Porter, 1982). Unlike system-generated 
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passwords, the passphrase is generated by the user himself. 
This allows the user to choose a passphrase that is 
meaningful to him for ease of memory. In the passphrase 
method the sheer length of the passphrase provides the 
desired security, so having the passphrase unrelated to the 
user is not as stringent a requirement. The following 
example shows how length thwarts a possible intruder. If a 
user were to use a minimum of 30 alphabetic characters, over 
1,000,000,000,000 possible combinations exist. This 
definitely makes the brute force attempt of trying all 
possible character combinations a formidable obstacle to an 
intruder (Pfleeger, 1989). 

As long as the user avoided selecting a trivial 
passphrase, such as family names or the 26 letters of the 
alphabet, the ability to guess the passphrase would be 
unlikely (Porter, 1982). It seems that this method may be 
the one that finally resolves the conflict between the 
required characteristics of ease of memorability versus the 
difficulty in guessing. However, as stated earlier, a human 
being has difficulty remembering strings greater than seven 
characters (Menkus, 1988). Since the passphrase must be 
entered exactly, the question may be asked whether a human 
being can remember exactly a long string that has some 
meaning for him. Another problem may arise with the 
frequent user. Even though he may recall his passphrase 
without writing it down, he may become upset at the prospect 
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of typing 30 to 80 characters every time he desires to use 
the system (Porter, 1982). 

D. COGNITIVE PASSWORDS 

1. Description 

Another alternative to the traditional password 
system is a method that lengthens the user identification 
process. Instead of a user entering just one password, he 
is required to enter several passwords, one at a time when 
prompted by the computer. One type of such a system is 
cognitive passwords. Cognitive passwords are passwords 
based on an individual user's perceptions, personal 
interests and personal history. These passwords are based 
on information that others would not commonly associate with 
the user, nor that could easily be found in personal records 
(Haga et al., 1989). 

2. Implementation 

A cognitive password system combines both system¬ 
generated and user-generated characteristics. It is system¬ 
generated in that the security administrator creates 
questions that would be used to stimulate a response from a 
user. The exact responses to these questions would entirely 
be user-generated. As such, the password system is set up 
basically as an access quiz. If the user responds correctly 
to a series of questions concerning himself, then he would 
be authorized access to the system (Haga et al., 1989). 
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In order to make the security system effective, the 
administrator needs to choose non-trivial questions as the 
stimulus for user responses. If trivial questions such as 
"What is your name?" are chosen, then an intruder will more 
easily break into the system than if "What is your favorite 
vacation place?" is used, for example. 

Like the other password methods described, the 
responses or cognitive passwords would need to be entered 
exactly for a user to gain access. Because tne responses to 
the questions necessarily vary in length, cognitive 
passwords would have, however, no preset length associated 
with them. They also would be regular words as opposed to a 
random string of alphanumeric characters. 

3. Advantages 

Since the cognitive password is significant to the 
user, but not readily associated with him, it is easy for 
him to remember, but difficult for an intruder to guess or 
find out. The cognitive password may be of such length that 
a brute force method of trying all character combinations 
would be thwarted. Also, a cognitive password system 
requires several questions to be answered correctly, so this 
layering adds an additional degree of security. 

4. Disadvantages 

In the traditional password system it is difficult 
for a user to remember one password, therefore remembering 
many cognitive passwords would seem to be harder for the 
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user (Smith, 1987). Also, it is unlikely that a user would 
remember all of his responses so establishing an acceptable 
miss percentage may be difficult to do. If set too low, 
intruders may penetrate the system; if set too high, 
authorized users may be denied access. 

5. Summary 

A cognitive password system, if implemented 
correctly, seems to be less vulnerable than the traditional 
password system. It also provides for user-friendliness. 
Even though it may be more complicated to set up initially, 
the benefits of a better authentication system make it a 
viable alternative. 

E. WORD ASSOCIATION 

1. Description 

Another method that requires a series of passwords 
to verify user identity is authentication by word 
association. In this alternative, the user constructs a 
list of cues and responses that would be unique to the 
individual. A trivial example would be the cue word "high" 
which would require the response "low" (Smith, 1987). Smith 
(1987) designed this model with the thought that an initial 
list of 20 cues and responses per user would be sufficient 
to allow flexibility in changing the cues presented to the 
user when logging in to the system. Depending upon the 
security of the system, a user would be required to give 
from one to several correct responses (Smith, 1987). 
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2. Implementation 


The actual structure desired would be a single-word 
cue and a one-word response. Doing so allows for ease of 
memory for the user. Similarly, the user is responsible for 
constructing all 20 cues and responses making it user- 
friendly (Smith, 1987). 

In order to make this method a stronger impediment 
to intrusion, the word associations should be as non-trivial 
* as possible. A list of 20 opposites would be easy to 

penetrate (Smith, 1987). To make construction of the list 
easier and to make it easier for the user to remember the 
responses, it is helpful for the user to choose one central 
theme (Smith, 1987). For example. United States presidents 
may be chosen as the theme. Cues may include cherry and 
honest and have responses of Washington and Lincoln, 
respectively. 

Finally, while the user is expected to generate the 
correct response to gain access to the system, there is no 
requirement that he remember the cues or the central theme, 
if any, for the word association method to be successful 
(Smith, 1987). 

3. Advantages 

Smith postulated that there were several advantages 
to this method: 
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1. The responses would be easy to remember. 

2. Without knowledge of the theme and non-trivial 
associations, the responses would be resistant to 
intrusion. 

3. Since the cues and responses are selected by the user, 
there would be little user resistance to such a 
method. 

4. The cues and responses would uniquely identify each 
individual user. 

5. If a need arose to change a cue and response, it could 
easily be altered without altering or compromising the 
rest of the list. (Smith, 1987) 

4. Disadvantages 

If a user is not careful in constructing his word 
associations, the responses may be easily guessed. Also, 
the user may be tempted to write down the cues and responses 
or the central theme since there would be so many responses 
to remember. This would lead to compromise. And, like 
cognitive passwords, a user would likely not remember all 
the responses so an acceptable margin of incorrect responses 
would have to be established. 

5. Summary 

Smith's word association model offers an alternative 
to the traditional password system as the word association 
model is more robust and would require a great deal of 
effort to penetrate. It is user-friendly in both design and 
use. Unfortunately, in Smith's study he only tested four 
users, so further testing may be required. 

The next three chapters contain the methodology, 
findings and conclusions of examining the different password 
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methods and in determining the possible superiority of any 
one method over the others. 
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IV. RESEARCH METHODOLOGY 


A. BACKGROUND 

The purpose of this research is to determine if any of 
the six password methods is superior in ease of use, 
memorability and resistance to intrusion. The method used 
to conduct this research was by questionnaire. Several 
different questionnaires were used with the intent either to 
verify information from previous studies or to justify 
conclusions about new areas of study, such as cognitive 
passwords and authentication by word association. 

B. METHODOLOGY 

1. Instrumentation 

To test the ease of recall for all methods, three 
forms of similar self-administered questionnaires were 
developed. A copy of each questionnaire is included in the 
Appendix. Two versions of the first questionnaire, Ql, were 
used (the differences are described in Section B.l.b of this 
chapter). Each respondent (user) answered one of the two 
versions of the first questionnaire and the third form of 
the questionnaire, Ql and Q3. A significant-other (spouse, 
close friend or family member) completed the second form of 
the questionnaire, Q2. 
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a. Demographic Items 

Both the Q1 and Q3 forms asked for four 
categories of responses. The first part of Q1 asked for the 
respondent's sex, years of computer usage, types of 
computers with which they were experienced (microcomputer, 
microcomputer linked to a mainframe and/or a mainframe 
terminal) and a respondent identifier—either their last 
four digits of their United States Social Security number or 
their Student Mail Center (SMC) box number. The Q3 form 
asked only for the Social Security number digits or the SMC 
box number, so that it could be matched with its Q1 
counterpart. The Social Security digits and the SMC number 
were used to protect the identity of individual respondents 
in this study, yet were used to allow matching of the Ql, Q2 
and Q3 forms. The SMC number allowed the respondent to be 
contacted somewhat anonymously (as he was addressed by SMC 
number and not by name) for the return of either a Q2 form 
or missing information from the Ql or Q3 form. 

b. Creation and Assignment of Passwords and 

Passphrases 

The second part of Ql, but not Q3, asked each 
respondent to construct a password consisting of any 
combination of up to eight alphanumeric characters. The 
test group was urged to memorize and safeguard this password 
as they would any other password. They were then asked how 
they devised this password. Four choices were given: (1) 
the password represents a meaningful detail such as a name, 
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a date or a number; (2) the password represents a 
combination of such meaningful details; (3) the password 
represents a random choice of characters; or (4) some other 
means. The second part of Q1 contained a unique eight 
character password that was assigned to each respondent. 

This was the only difference in the versions of 
questionnaire, Ql. Fifty-five of the Q1 forms had a system¬ 
generated random alphanumeric password. Forty-eight of the 
Ql forms had a system-generated pronounceable password. To 
distinguish between the two versions of Ql, the random 
alphanumeric form was designated Q1R and the pronounceable 
password form was designated Q1P. The respondents were 
urged to safeguard this password as well. 

Also included in the second part of Ql was a 
segment requesting each respondent to create a passphrase 
consisting of any combination of up to 80 alphanumeric 
characters. There was no requirement as to the minimum 
number of characters in the passphrase. The respondents 
were again urged to memorize and safeguard this passphrase 
as they would any other password. Then they were asked how 
they devised this passphrase. Five choices were given: (1) 
nonsensical phrase; (2) a quotation; (3) a piece of advice; 
(4) a common phrase; or (5) other means, 
c. Cognitive passwords 

The Ql and Q3 forms are identical in their third 
part. In this section, 20 open response questions ask for 
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items of information that were described as cognitive 
passwords. These items fall into two categories of 
responses. The first group are six items of personal facts 
assumed to be known only by the respondent or someone 
socially close to the respondent, for example, elementary 
school attended, mother's maiden name or father's 
occupation. The second group is 14 opinion-based items 
which ask the respondent to choose a favorite item, for 
example, favorite vacation place, favorite restaurant or 
favorite fruit. Once again, it was assumed that these 
responses would be known only by the respondent or someone 
socially close to him. 

d. Word Association 

The final part of the Q1 form requested the user 
to come up with a list of 20 word associations. In 
formulating these 20 cues and responses, the respondents 
were not required to use a central theme throughout. There 
was no limitation or minimum number of alphanumeric 
characters in either the cues or responses. They were then 
asked to copy just the cues onto Q2 in the appropriate 
spaces to see if a socially close person would be able to 
figure out the responses. 

e. Items for Recall of Passwords 

On Q1 respondents were asked to create a 
password; on the second part of Q3 the same respondents were 
asked to recall this password. Q3 was administered to these 


23 




same respondents approximately three months after the 
administration of Ql. After asking each person to recall 
the password of his own making, each respondent was asked 
what method was used to recall his password. The following 
choices were given: (1) Writing it down, even though they 
were asked not to; (2) Memory recall; (3) The only password 
the respondent ever uses; and (4) Other means. 

Next each respondent was asked to recall the 
assigned password given on the Ql form. The respondents 
were again asked how they recalled the password: (1) Memory 
recall; (2) Writing it down—even if told not to; (3) If the 
password were pronounceable, had that aided in recalling the 
password; or (4) Other means. 

Finally, the respondents were asked to recall 
their passphrase from their Ql form. They were then asked 
whether they had: (1) Written it down; (2) Recalled it from 
memory; (3) Chosen a phrase that they use over and over 
again so it was easy to remember; or (4) Other means. 
Expectations were that of the four methods (user-generated 
passwords, system-generated random passwords, system¬ 
generated pronounceable passwords and passphrases) 
pronounceable passwords would be recalled the most often, 
f. Items for Recall of Cognitive Passwords 

In the identical Q3 version of the cognitive 
password section, the same respondents were asked the same 
questions again. As with the previous part, Q3 was 
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administered approximately three months after Ql. In 
examining a system of passwords based upon cognitive 
information, the correlation between the Ql and Q3 cognitive 
responses is of interest. Expectations were high that there 
would be a high correlation, especially among the fact-based 
cognitive items. 

g. Items for Recall of Word Associations 
In the identical Q3 version of the word 
association section, the same respondents were asked to 
regenerate their list of 20 cues and responses. As with the 
other segments of Q3, this part was administered approxi¬ 
mately three months after Ql. Expectations were that the 
respondents would be able to come up with few, if any, of 
their original cues and responses. As soon as the 
respondent had generated as many associations from memory as 
possible, they were given a list of their original 20 cues. 
They were then asked to write down as many of their 
responses as they remembered. If, at this point, they were 
still unable to remember their responses, they were given 
the central theme, if any, to aid them in correctly 
remembering their responses. Expectations were that the 
respondents would not remember many of their original cues 
and responses. However, once the cues were given to the 
respondents, it was expected that most would remember their 
responses and /ery few would need to be told their theme, if 
any, to help in figuring out their responses. 
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h. Items Concerning the Various Password Methods 

The final section of Q3 requested the 

respondents to rank the various password methods—user¬ 
generated passwords, system-generated passwords, 
passphrases, cognitive passwords and authentication by word 
association—by ease of memory. The respondents were then 
asked to rank the methods as to how they liked them. 
Expectations were that the rankings would be similar. Also, 
the liking of uethods with user involvement was expected to 
be higher than those that were system-generated. 

i. Items to Tap Socially Close Knowledge 

The Q2 significant-other form asked for two 
items of identifying data. It asked for the last four 
digits of the user respondent's Social Security number or 
the SMC number to be used for matching purposes. It then 
asked for the relationship of the Q2 significant-other 
respondent to the Q1 user respondent. The second part of 
the Q2 form repeated the 20 cognitive password questions 
that were in the third part of the Q1 form. The 
significant-otb-r was asked to indicate what they thought 
the Q1 respondent would answer to each of the questions. 

They were then asked to complete the Q2 form without the 
help of the Q1 respondent. Of interest was the level of 
accuracy at which the Q2 significant-others could match the 
responses of the Q1 respondents. The assumption was that if 
someone socially close to a respondent had deficient 
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knowledge of personal cognitive data, then the likelihood of 
guessing by someone socially distant from the same 
respondent would be even less likely. 

The third part of the Q2 form asked the 
significant-other to determine the responses to the cues 
written down by the respondents from the word association 
portion of their Ql. After attempting to figure out the 
responses without aid from the user respondent, the 
significant-other respondent was given a second chance. 

This time the respondent would inform their significant- 
other if there was a central theme to the associations and 
if so, what it was. Once again, of interest was the level 
of accuracy at which the Q2 significant-others could match 
the Ql respondents. As with cognitive passwords, it was 
assumed that if someone socially close to the respondent was 
unable to figure out the responses, then the chances of an 
intruder figuring out the responses would be slim. 

2• Sample and Data Collection Design 
a. Ql Response by the Respondents 

The Ql questionnaire was administered to 103 
graduate students, the majority of which were majoring in 
management information systems. Of the respondents, 85% 
were male and 15% were female. Their level of experience 
with computers averaged five years. Twelve percent said 
they had no computer experience before starting graduate 
studies. Forty-eight percent reported that they used some 


27 








combination of microcomputer and mainframe, 32% said their 
computer experience was limited to microcomputers, while 8% 
claimed to have only used a mainframe. 

b. Q2 Response by Significant-other 

After completing the Q1 forms, the respondents 
were given the Q2 form. They were asked to write their SSN 
or SMC identifier on the Q2 form and to give the form to a 
significant-other of their choosing. They were then asked 
to return the Q2 forms after being completed by their 
significant-other. Q2 forms were returned by 85% of the 
respondents. Of the significant-others responding, 76% were 
spouses, 21% were friends and 3% were family members. 

c. Q3 Response by Respondents 

The Q3 version of the questionnaire was 
administered to the same user respondents approximately 
three months after the Q1 administration. Of the original 
103 Q1 respondents, 100% participated in the Q3 
administration. 

C. TABULATION 

Upon completion of the administration of the Ql, Q2 and 
Q3 questionnaires, the data were tabulated and analyzed 
using standard statistical methods. The mainframe software 
package used was SPSS-X, release 3.1. In Chapter V the 
findings and results from the questionnaires are summarized. 
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V. RESEARCH FINDINGS 


A. FINDINGS 

1. Recall of Self-generated Passwords 

Of the 103 respondents, 27.2% were able to recall 
correctly the password they had created themselves three 
months earlier. Among the respondents who recalled their 
password, 42.9% said they remembered it without aid, 7.1% 
said they wrote it down even though they were instructed not 
to. 17.9% said it was the only password they ever used so 
it was easy to remember. Finally, 32.1% gave "other means" 
as the basis for recall. Most of them used some type of 
memory aid to help in recalling the password. 

Table 1 shows how the respondents constructed their 
self-generated password. The majority, 67%, used some form 
of meaningful detail in creating their password. Figure 1 
shows how many characters were used in construction of the 
self-generated passwords. There were eight spaces on the Q1 
form and most, 54.4%, tended to use all the spaces when 
making up their passwords. 

Table 2 shows the composition of the self-generated 
passwords. As expected, the respondents mainly used 
alphabetics in creating their passwords. More interesting 
is the fact that of the 28 respondents who recalled their 
password, 92.9% used alphabetics only. Furthermore, Table 3 
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TABLE 1 


METHODS FOR SELECTING SELF-GENERATED PASSWORDS 


METHOD 

NUMBER 

PERCENTAGE 

MEANINGFUL DETAIL 

46 

44.7 

COMBINATION OF 
MEANINGFUL DETAILS 

23 

22.3 

RANDOM CHARACTERS 

1 

1.0 

OTHER 

33 

32.0 

TABLE 2 

PASSWORD COMPOSITION 

COMPOSITION 

NUMBER 

PERCENTAGE 

ALPHABETIC ONLY 

76 

73.3 

ALPHANUMERIC 

24 

23.3 

ASCII CHARACTERS 
INCLUDED IN PASSWORD 

3 

2.9 


shows that generally as the length Increases, the ability to 
recall the password decreases. For instance, four of the 
eight four-letter passwords were recalled, thus half or a 
50% recall occurred for four-letter passwords. 
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Number of Respondents 


Number of Characters in Password 



01 2345678 


Number of Characters 


Figure 1. Number of Characters in Password 

2. Recall of Svstem-qenerated Random and Pronounceable 
Passwords 

Table 4 reflects the ability of the respondents to 
recall either the assigned random alphanumeric password or 
the pronounceable password. As expected, fewer respondents 
were able to recall their system-generated password than 
their own self-generated password. However, the difference 
(28 versus 25 recalled) was not as large as expected. A 
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TABLE 3 


PASSWORD LENGTH VS. MEMORABILITY 


NUMBER OF CHARACTERS 
IN RECALLED PASSWORD 

3 

4 

5 

6 

7 

8 


PERCENTAGE OF ALL 
PASSWORDS OF THAT LENGTH 

0.0 

50.0 

20.0 

41.0 

27.0 

21.0 


TABLE 4 

SYSTEM-GENERATED PASSWORD RECALL 


TYPE OF PASSWORD 

NUMBER 

ASSIGNED 

NUMBER 

RECALLED 

PERCENTAGE 

PRONOUNCEABLE 

48 

18 

37.5 

RANDOM ALPHANUMERIC 

55 

7 

12.7 

TOTAL SYSTEM-GENERATED 

103 

25 



possible explanation for the closeness between the password 
methods is the recall of pronounceable passwords. Of the 
recalled system-generated passwords 72% were pronounceable. 
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The increased memorability of pronounceable pass¬ 
words is further supported in Table 5. Sixty-seven percent 
of the respondents who recalled their pronounceable password 
stated that they remembered it simply because the assigned 
password was pronounceable. No one was able to recall their 
random password from memory. 85.7% had to write it down 
even though they had been instructed not to do so. 


TABLE 5 

METHOD OF RECALL FOR SYSTEM-GENERATED PASSWORDS 


METHOD OF RECALL FOR 
PRONOUNCEABLE PASSWORD 

BECAUSE IT WAS PRONOUNCEABLE 

UNAIDED MEMORY 

WROTE IT DOWN 


NUMBER 

RECALLED PERCENTAGE 

12 66.7 


3 16.7 

3 16.7 


METHOD OF RECALL FOR NUMBER 

RANDOM PASSWORD RECALLED PERCENTAGE 


UNAIDED MEMORY 


0 0.0 


WROTE IT DOWN 


6 85.7 


OTHER 


14.3 
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3. Recall of Passphrases 


Of the 103 respondents, only 21.4% were able to 
recall the passphrase which they had created approximately 
three months earlier. As expected, a longer string of 
characters, even though it formed an expression familiar to 
a respondent, made it difficult to remember. Table 6 shows 
that the length of recalled passphrases was less than the 
length of all the passphrases originally created, but not 
dramatically so. 


TABLE 6 

PASSPHRASE LENGTH 



IN ALL 

IN RECALLED 


PASSPHRASES 

PASSPHRASES 

AVERAGE CHARACTER LENGTH 

22.7 

21.3 

AVERAGE NUMBER OF WORDS 

IN PASSPHRASE 

4.9 

4.4 


For those respondents who did remember their 
passphrase. Table 7 shows the method they used to recall it. 

Table 8 shows the different methods used to 
construct the passphrases. No method was clearly preferred 
in creating the passphrase. As a matter of fact, each 
method, except for selecting a piece of advice, uniformly 
received little more than 20% usage by the respondents. 
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TABLE 7 


METHOD OF PASSPHRASE RECALL 


METHOD 

WROTE IT DOWN 

UNAIDED MEMORY 

COMMON PHRASE USED 
OFTEN BY RESPONDENT 

OTHER 


NUMBER PERCENTAGE 
2 9.1 

9 40.9 


5 22.7 

6 27.3 


TABLE 8 

METHOD OF CREATING THE PASSPHRASE 


METHOD 

NUMBER 

PERCENTAGE 

NONSENSICAL PHRASE 

24 

23.3 

A QUOTATION 

21 

20.4 

A PIECE OF ADVICE 

10 

9.7 

A COMMON PHRASE 

21 

20.4 

OTHER 

27 

26.2 
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4. Recall of Cognitive Passwords 

a. Recall of Cognitive Passwords by Respondents 

The overall average number of correct matches by 
the respondents on all cognitive passwords between Q1 and Q3 
was 14.8 out of 20 correct responses or 74%. Figure 2 
reflects this distribution. Of interest is the grouping of 
the respondents at the high end of the spectrum. While 
there are a few outliers at the low end of the spectrum. 


Q1 vs. Q3 Cognitive Passwords 



Number of Correct Responses 


Figure 2. Q1 vs. Q3 Cognitive Passwords 
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which resulted in the somewhat low mean, 62.1% of the 
respondents had 15 or more correct responses. Of interest 
is the comparison of the level of these responses with the 
responses for the previously analyzed password methods. The 
best password response was 37.5% for the system-generated 
pronounceable passwords. On the cognitive password 
continuum, the number of correct matches for self-generated 
passwords is equivalent to getting 7.5 correct responses. 
Only three respondents scored that poorly on cognitive 
passwords. 

Besides the overall high success rate, the 
respondent's performance for each individual question is of 
interest. As discussed in the research methodology chapter, 
the cognitive questions were split into six fact-based 
questions and 14 opinion-based questions. The success of 
the respondents in recalling cognitive passwords over a 
three month period is expressed in the percentage of correct 
matches that were produced on the Q3 form. Table 9 shows 
that the recall for the fact-based questions was high, 

83.7%. Even the lowest cognitive question had a recall rate 
of 74.8%, twice the recall rate for any of the previous 
password methods. 

The success rate for the recall of the opinion- 
based questions is lower than for the fact-based questions. 
The average percentage of correct responses was 70%. There 
was a fairly wide variance with the number of correct 
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TABLE 9 


RESPONDENT MATCHING ON FACT-BASED COGNITIVE PASSWORDS 


ITEM 

NUMBER 

WHO 

MATCHED 

CORRECTLY 

PERCENTAGE 

WHO 

MATCHED 

CORRECTLY 

WHAT IS THE NAME OF THE 
ELEMENTARY SCHOOL FROM WHICH 
YOU GRADUATED? 

87 

84.5 

WHAT IS THE NAME OF YOUR 
FAVORITE UNCLE? 

89 

86.4 

WHAT IS THE NAME OF YOUR BEST 
FRIEND FROM HIGH SCHOOL? 

87 

84.5 

WHAT IS YOUR MOTHERS MAIDEN 
NAME? 

96 

93.2 

WHAT WAS THE FIRST NAME OF 

YOUR FIRST BOYFRIEND/GIRLFRIEND? 7 7 

74.8 

WHAT IS THE OCCUPATION OF 
YOUR FATHER? 

81 

78.6 
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responses ranging from 49.5% to 87.4%. The questions that 
had the lowest success rate dealt with an individual's 
favorite restaurant, actor or actress, and choice of 
alternative profession. Two possible explanations for 
missing these questions are: (1) At the time of 
administration of Ql, the respondent may have wavered 
between a couple of answers, failing to remember which one 
he had chosen three months earlier and selecting a different 
answer on Q3; and (2) these questions call for answers that 
may have changed for the respondent since the administration 
of Ql. Therefore, the respondent may have answered the 
question according to his opinion at the time of the 
administration of Q3, as opposed to responding as he did 
when he first answered the question. Tables 10 and 11 show 
the results of the opinion-based cognitive questions. 

b. Matching of Cognitive Passwords by Significant- 

Others 

The average number of correct matches by 
significant-others on all cognitive passwords from the Q2 
form was 7.6 out of 20 (38%). Figure 3 shows the 
distribution of the correct matches. The distribution 
approaches that of a normal curve. The distribution curve 
emphasizes the success rate of the significant-others and is 
skewed toward the lower end of the spectrum. However, it 
was not expected that as many significant-others would do as 
well as shown. An explanation for the success rate of the 
17 significant-others who scored better than ten correct 
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TABLE 10 


RESPONDENT MATCHING ON OPINION-BASED COGNITIVE PASSWORDS 


ITEM 

NUMBER 

WHO 

MATCHED 

CORRECTLY 

PERCENTAGE 

WHO 

MATCHED 

CORRECTLY 

WHAT IS THE NAME OF YOUR 
FAVORITE CLASS IN HIGH SCHOOL? 

80 

77.7 

WHAT IS THE NAME OF YOUR 

FAVORITE MUSIC PERFORMER OR GROUP? 82 

79.6 

WHAT IS YOUR FAVORITE TYPE OF 
MUSIC? 

89 

86.4 

WHAT IS THE NAME OF YOUR 
FAVORITE VACATION PLACE? 

68 

66.0 

IF YOU COULD TRAVEL TO ANY 
COUNTRY IN THE WORLD, WHICH 
WOULD IT BE? 

74 

71.0 

WHAT IS THE LAST NAME OF YOUR 
FAVORITE ACTOR OR ACTRESS? 

60 

58.3 
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TABLE 11 


RESPONDENT MATCHING ON OPINION-BASED COGNITIVE PASSWORDS 


NUMBER PERCENTAGE 

WHO WHO 

MATCHED MATCHED 

ITEM CORRECTLY CORRECTLY 

WHAT IS YOUR FAVORITE FLOWER? 90 87.4 

WHAT IS YOUR FAVORITE DESSERT? 68 66.0 

WHAT IS YOUR FAVORITE VEGETABLE? 77 74.8 

WHAT IS YOUR FAVORITE FRUIT? 68 66.0 

WHAT IS YOUR FAVORITE COLOR? 77 74.8 

IF YOU COULD CHANGE OCCUPATIONS, 

WHICH NEW OCCUPATION WOULD YOU 

CHOOSE? 56 54.4 

WHAT IS THE NAME OF YOUR 

FAVORITE RESTAURANT? 51 49.5 


WHAT IS THE LAST NAME OF YOUR 

FAVORITE COLLEGE INSTRUCTOR? 6 9 67.0 
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Q1 vs. Q2 Cognitive Passwords 



Number of Correct Responses 


Figure 3. Q1 vs. Q2 Cognitive Passwords 

answers may be that 13 of the 17 (76.5%, including the one 
scoring 17 correct matches) answered the same questions six 
months earlier when Hulsey was conducting similar research 
with some of the same respondents. This, also, may have 
affected the other results, too, as 60% of the respondents' 
significant-others were the same surveyed by Hulsey. In 
Hulsey's study, only one significant-other scored greater 
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than ten correct matches. Therefore, only four significant- 
others in this survey can be interpreted as scoring better 
than ten correct matches without help from the respondents. 
Interestingly enough the scores of these four significant- 
others were 11, 12, 13 and 14. 

Significant-others in this study are assumed to 
be people who are close to the user respondents—spouses, 
close friends or family members. Yet, even they do not have 
correct knowledge, on an average of more than 40%, of the 
items on personal information and personal preferences of 
the respondents. 

The difficulty the significant-others had in 
matching the cognitive passwords is confirmed in the average 
percentage score, 44.6%, for fact-based questions (Table 
12). The assumption was made that the fact-based questions 
would be better known than would the opinion-based questions 
by significant-others. Nonetheless, even though the 
significant-others are precisely the people who should know 
better than anyone else the personal facts about the 
respondents, they, on average, knew less than half of the 
correct responses. 

As expected, the significant-others knew less 
about the personal preferences of the respondents (Tables 13 
and 14) then they knew about the respondent's personal 
facts. The average score of matches for the 14 opinion- 
based items is 4.6 (32.5%). 
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'ABLE 12 


SIGNIFICANT-OTHER HATCHING ON 
FACT-BASED COGNITIVE PASSWORDS 


ITEM 

NUMBER 

WHO 

MATCHED 

CORRECTLY 

PERCENTAGE 

WHO 

MATCHED 

CORRECTLY 

WHAT IS THE NAME OF THE 
ELEMENTARY SCHOOL FROM WHICH 
YOU GRADUATED? 

22 

25.3 

WHAT IS THE NAME OF YOUR 
FAVORITE UNCLE? 

47 

54.0 

WHAT IS THE NAME OF YOUR BEST 
FRIEND FROM HIGH SCHOOL? 

40 

46.0 

WHAT IS YOUR MOTHER’S MAIDEN 
NAME? 

59 

67.8 

WHAT WAS THE FIRST NAME OF 

YOUR FIRST BOYFRIEND/GIRLFRIEND? 18 

20.7 

WHAT IS THE OCCUPATION OF 
YOUR FATHER? 

47 

54.0 
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TABLE 13 


SIGNIFICANT-OTHER HATCHING ON 
OPINION-BASED COGNITIVE PASSWORDS 


ITEM 

NUMBER 

WHO 

MATCHED 

CORRECTLY 

PERCENTAGE 

WHO 

MATCHED 

CORRECTLY 

WHAT IS THE NAME OF YOUR 
FAVORITE CLASS IN HIGH SCHOOL? 

22 

25.3 

WHAT IS THE NAME OF YOUR 

FAVORITE MUSIC PERFORMER OR GROUP? 3 7 

42.5 

WHAT IS YOUR FAVORITE TYPE OF 
MUSIC? 

44 

50.6 

WHAT IS THE NAME OF YOUR 
FAVORITE VACATION PLACE? 

22 

25.3 

IF YOU COULD TRAVEL TO ANY 
COUNTRY IN THE WORLD, WHICH 
WOULD IT BE? 

27 

31.0 

WHAT IS THE LAST NAME OF YOUR 
FAVORITE ACTOR OR ACTRESS? 

25 

28.7 
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TABLE 14 


SIGNIFICANT-OTHER MATCHING ON 
OPINION-BASED COGNITIVE PASSWORDS 



NUMBER 

PERCENTAGE 


WHO 

WHO 


MATCHED 

MATCHED 

ITEM 

CORRECTLY 

CORRECTLY 

WHAT IS YOUR FAVORITE FLOWER? 

46 

52.9 

WHAT IS YOUR FAVORITE DESSERT? 

34 

39.1 

WHAT IS YOUR FAVORITE VEGETABLE? 3 2 

36.8 

WHAT IS YOUR FAVORITE FRUIT? 

32 

36.8 

WHAT IS YOUR FAVORITE COLOR? 

51 

£8.6 

IF YOU COULD CHANGE OCCUPATIONS, 
WHICH NEW OCCUPATION WOULD YOU 
CHOOSE? 

25 

28.7 

WHAT IS THE NAME OF YOUR 
FAVORITE RESTAURANT? 

20 

23.0 

WHAT IS THE LAST NAME OF YOUR 
FAVORITE COLLEGE INSTRUCTOR? 

1 1 

12.6 


46 






An assumption was made that the significant- 
others are the people in the best position to possess 
knowledge about the respondents. Of interest then is the 
ability to judge how much personal knowledge is held by 
socially close people. A further assumption is that the 
accuracy of personal knowledge would decrease as the social 
distance was increased. 

To examine this social distance phenomenon, the 
average number of correct matches was calculated on the 
overall set of 20 cognitive questions for the three family 
members, the 66 spouses and the 18 friends. Unfortunately, 
there was not a larger sample of family members, so there 
may be some bias in the results. The average number of 
correct matches for family members was 12 (60%); for spouses 
it was 8.2 (41%); and for friends it was 4.7 (23.5%). The 
difference between each group is significant. However, it 
was no surprise that family members did the best as they 
have been exposed to the respondent for most of the 
respondent's life. Similarly, spouses did next best, but 
not as well as the family members, perhaps because they came 
to know the respondent later in life. Finally, friends did 
the worst, most likely because they probably have not known 
the respondent as long or as well as the other groups. 
Therefore, the notion that social distance affects personal 
knowledge has merit. 
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a. Recall of Word Associations by Respondents 


The overall average number of correct matches by 
the respondents on all the word associations between Q1 and 
Q3 was 13.8 out of 20 (69%). The respondents fell anywhere 
in the continuum from 0 to 20 responses correct as shown in 
Figure 4. Of note is that 60 (58.3%) got 14 (70%) or more 
matches correct. 


Q1 vs. Q3 Word Association 



Number of Correct Responses 


Figure 4. Q1 vs. Q3 Word Association 
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As expected, when first asked to generate both 
their cues and responses, the respondents on average v -^re 
able to generate only 4.1 out of the 20 (20.5%). However, 
when presented with their list of cues they were able to 
generate responses albeit with some errors. Not one 
respondent requested to know what their theme was. Either 
there was no theme or the list of 20 cues made them remember 
their theme. While it was expected that few would need 
their theme to generate responses, it was surprising that 
not one, including the one who got none of his responses 
correct, requested his theme to help figure out the 
responses. 

b. Matching of Word Associations by Significant- 

Others 

The significant-others were first asked to guess 
the responses, without any help from the respondents, after 
having been given the cues. In this case, the significant- 
others were able to correctly match 5.1 out of 20 (25.5%). 
Then they were given the theme from the respondent. Only 39 
of the 87 (44.8%) of the significant others used this 
information in an attempt to better their score. By using 
the theme, the significant-others improved their score by 
3.9 correct responses on average. As a result, the 
significant-others overall were able to improve their score 
to 6.6 out of 20 (33%). Figure 5 shows the distribution of 
correct responses by the significant-others before being 
given the theme. Figure 6 shows the distribution of correct 
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Q1 vs. Q2 Word Association without Theme 



Number of Correct Responses 


Figure 5. Q1 vs. Q2 Word Association without Theme 

responses after being given the theme. It should be noted 
that only 39 significant-others attempted to use the theme 
to improve their score. 

The distribution is skewed toward the lower end 
of the spectrum. However, there are a few outliers which 
are explained by the fact that the respondents chose trivial 
associations. For instance, the respondent of the 
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Q1 vs. Q2 Word Association with Theme 



Number of Correct Responses 


Figure 6. Q1 vs. Q2 Word Association with Theme 

significant-other who got all 20 responses correct chose 
opposites as the theme. 

Unlike the cognitive passwords, social closeness 
played no part in the ability of the significant-other to 
figure out correctly the responses. There was less than one 
correct response difference between the three groups—family 
members, spouses and friends. 

















6. Ranking o;f the Various Methods 


The last task the respondents were asked to perform 
was to rank the various alternative methods of user 
authentication. First, they were asked to rank the five 
methods based on how easy each method was to remember. 
User-generated passwords were ranked first 50 times. Second 
was authentication by word association with 29 first place 
rankings. Third was cognitive passwords with 14 first place 
rankings. Passphrases were fourth with two first places. 
Finally, system-generated passwords (no distinction was made 
between random or pronounceable) were ranked last with no 
one choosing it as easiest to remember. 

The respondents were then asked to rank the various 
methods according to how they liked them. The order was the 
same. User-generated passwords received 47 first place 
rankings, word association had 30, cognitive passwords had 
16, passphrases had three, and one person liked system¬ 
generated passwords the best. 

Eight respondents did not complete this part of the 
questionnaire. The rankings are summarized in Table 15. 
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TABLE 15 


RANKINGS OF VARIOUS 

PASSWORD 

METHODS 

RANKING BY EASE OF MEMORY: 



OVERALL 

AVERAGE 

METHOD 

RANK 

SCORE 

USER-GENERATED PASSWORDS 

1 

1.98 

AUTHENTICATION BYWORD 
ASSOCIATION 

2 

2.41 

COGNITIVE PASSWORDS 

3 

2.67 

PASSPHRASES 

4 

3.45 

SYSTEM-GENERATED PASSWORDS 

5 

4.46 


RANKING BY HOW IT WAS LIKbD: 

OVERALL AVERAGE 


METHOD 

RANK 

SCORE 

USER-GENERATED PASSWORDS 

1 

1.96 

AUTHENTICATION BY WORD 
ASSOCIATION 

2 

2.39 

COGNITIVE PASSWORDS 

3 

2.73 

PASSPHRASES 

4 

3.38 

SYSTEM-GENERATED PASSWORDS 

5 

4.54 
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VI. CONCLUSIONS AND RECOMMENDATIONS 

A. DISCUSSION OF FINDINGS 

1. Recall of Passwords and Passphrases 

Over a three month period, only 27.2% of the 
respondents could recall the password that they had created 
themselves. As in previous research studies, this survey 
showed that as password length increased it became more 
difficult to remember (Table 3). 

Similarly, only 12.7% of the respondents could 
remember their system-generated random alphanumeric 
password. However, it is important to note that of the 
respondents assigned a system-generated pronounceable 
password, 37.5% were able to recall it. These pronounceable 
passwords appear to be more secure than the user-generated 
passwords, perhaps because the pronounceable passwords are 
not related to the user's lifestyle. It was shown here, 
however, that even though unrelated, they are more memorable 
to the user than his self-generated password. It should be 
pointed out that not one respondent was able to remember the 
random alphanumeric password on his own. Among those who 
did recall it, 85.7%, had written it down. 

21.4% of the 103 respondents were able to remember 


their passphrases. Most of the respondents, 77.7%, chose 
passphrases consisting of fewer than the minimum recommended 




thirty characters (Porter, 1982). They still had little 
success in recalling the passphrase. Given that the 
accepted limit of short term human memory is seven 
characters, it is interesting to note that the percentage 
who remembered their passphrase was the same as those who 
remembered their user-generated password if it was eight 
characters in length: approximately 21%. 

2. Recall of Cognitive Passwords 

After three months, the respondents recalled an 
average of 74% of their cognitive passwords. Two of these 
respondents were able to recall all 20. When the fact-based 
cognitive passwords were analyzed separately, the recall 
averaged over 83%. The recall performance on the opinion- 
based cognitive passwords was somewhat lower than for the 
fact-based passwords. As a result, only 74.8% of the 
opinion-based cognitive passwords were recalled. 

Recall of the cognitive passwords was noticeably 
better than for any of the previously described password 
alternatives. Overall, the findings support the notion that 
the ease of recall of cognitive passwords is superior to 
that of traditional passwords and slight modifications of 
that method. 

The people who are socially close to the respondents 
(family members, spouses and friends), could guess no more 
than an average of 38% of the respondents* cognitive 
passwords. Only a few significant-others could legitimately 
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guess more than ten out of 20 responses due to previous 
exposure to a similar questionnaire. Two significant-others 
could not guess any of the 20 responses correctly. 

When the guessing of fact-based cognitive passwords 
was analyzed separately from opinion-based ones, the results 
were as expected. People close to the respondent could 
guess fact-based cognitive passwords better than they could 
guess opinion-based ones. On average, the significant- 
others guessed 44.8% of the fact-based cognitive passwords 
while averaging only 32.5% for the opinion-based cognitive 
passwords. 

The notion that people more socially close to the 
respondents are better guessers than those even slightly 
removed, was found to be true. The average number of 
correct guesses for family members was 12 (60%), while 
spouses were 8.2 (41%) and friends were 4.7 (23.5%). 

3. Recall of Word Associations 

After three months, the respondents recalled, on 
average, 69% of their word associations. Seven respondents 
remembered all 20 responses and almost a third remembered 
90% or more of their responses. While there was success at 
the high end of the spectrum, there was a fairly uniform 
distribution of respondents remembering from 30% to 90%. An 
explanation for this distribution is that the respondents 
were given free reign in making up their word associations. 
Unlike the cognitive password section, in which all the 






respondents answered the same questions, the word 
associations had various degrees of difficulty depending 
upon how challenging each respondent decided to make them. 

Even with the wide variance, the average success 
rate was over twice that of the traditional user-generated 
password method. In comparison with the overall success 
rate of cognitive passwords, word associations were not as 
great (69% to 74%). However, there were almost twice as 
many respondents (30 to 17) scoring 90% or more correct 
responses on the word associations than on the cognitive 
passwords. 

The significant-others, on average, could guess only 
25.5% of the correct responses. Seventeen significant- 
others could not guess even one response correctly. There 
was a small percentage of significant-others (10.3%) who 
were able to guess correctly more than ten responses. As 
expected, when the respondents helped their significant- 
other by telling them what their theme was, the success rate 
improved. But only to 33%. There were still six 
significant-others who could not get any responses correct. 
Only 44.8% of the significant-others used information about 
the theme to improve their scores; not everyone did. Of the 
remaining 55.2% who did not use this information to improve 
their scores, the assumption cannot be made that they had 
figured out the theme since some of the respondents 
constructed word association lists without themes. This 
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shows that even though the significant-others saw all 20 
cues at once—a luxury an intruder would not have—it was 
not obvious what the connection was among the cues. 

Even with the theme, the significant-others failed 
to guess as many correct responses (33% to 38%) as they had 
in the cognitive passwords section. Also, unlike cognitive 
passwords, social closeness made no significant difference 
in the ability of the significant-others to figure out the 
responses. 

4. Ranking of the Various Methods 

When asked to rank the various methods as to how 
easy they were to remember, the respondents clearly chose 
user-generated passwords as the one that they thought was 
easiest. However, this method was one of the worst for 
recall by the respondents. Other than this, the rankings 
generally reflect how the respondents actually did in 
recalling their "passwords" from the different methods. 

When the respondents ranked the methods by how they 
liked them, those that were user-oriented were ranked 
highest. Of interest is the fact that there was little 
difference between the two rankings. No method differed on 
the final score by even .1. This shows that e respondents 
may have interpreted that how they liked a certain method 
meant that it was easy to remember. This would explain why 
the respondents chose user-generated passwords as easiest to 
remember when in reality they were not. 
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5. Summary 


These findings demonstrate that there are 
significant differences among the various password 
alternatives. Moreover, they show that both cognitive 
passwords and authentication by word association are methods 
that are easy for users to recall yet are difficult for 
others to guess, even by the people who know the users best. 

B. COMPARISON TO OTHER STUDIES 
1. Cognitive Passwords 

Hulsey showed that cognitive passwords provided a 
better authentication method than traditional password 
systems. This study supports that conclusion. However, the 
survey group here did not provide the same clear-cut choice. 
Unlike Hulsey's survey group, there were outliers from both 
the respondents and the significant-others. Two 
explanations for the slight differences between these two 
studies are: (1) This survey group was larger, both in 
respondents (by 5.0%) and significant-others (by 11.5%). 

Even though these numbers are not large, neither were the 
differences in the studies. (2) Some of this survey group 
was the same as Hulsey's, so prior exposure to the cognitive 
password questions helped those significant-others do better 
this time around. Like Hulsey's study, this study showed 
that cognitive passwords were easy to remember and more 
difficult to figure out than user-generated passwords. 
However, this study shows that users still preferred the 
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traditional password method over cognitive passwords. 

Hulsey recommended that research be conducted into how 
authentication by word association compared to cognitive 
passwords. That research is discussed and compared with 
Smith's in the next section. 

2. Word Association 

Smith's research showed that after six months the 
four respondents in his survey group could recall 94% of 
their word associations (Smith, 1987). This is considerably 
higher than the 69% success rate after three months from 
this survey group. The difference in sizes of the two 
groups probably accounts for the difference in success rate. 
Smith had only two of his four respondents' significant- 
others try to guess the proper responses. They had a 
success rate of 45% and 50% respectively. He speculated 
that the lists from his other two respondents would be 
difficult to guess, unless some prior special knowledge 
about the respondent was known by the significant-other 
(Smith, 1987). The success rate of his significant-others 
was higher than the success rate of 25.5% (33% given the 
theme) by this survey group. Smith concluded that 
authentication by word association seemed promising for 
finding a better method for user authentication. The 
results of this study support his conclusion. 
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C. RECOMMENDATIONS 


Several different user authentication methods were 
examined in this thesis. The desired security level of the 
organization and its access control policy need to be known 
before definitive advice can be given on choice of specific 
method. If an organization desires just to upgrade its 
traditional password system, without making radical changes, 
user-generated pronounceable passwords should be used. 
System-generated pronounceable passwords were proven easiest 
to remember. The one pitfall they had was that users 
dislike system-generated passwords; so by allowing the users 
to choose them, this password method should be more 
desirable to the user. Pronounceable passwords also offer a 
high degree of security as they are a mix of alphanumeric 
characters that do not form an actual word or phrase. 

If an organization desires to change its present user 
authentication method to make it the best possible, 
authentication by word association should be chosen. A 
close second is cognitive passwords. Authentication by word 
association has been shown to be the most secure of the 
various methods discussed here. The 25.5% guess rate was 
lower than Hulsey’s 27% guess rate for cognitive passwords. 
Also, users ranked it second to user-generated passwords as 
both easiest to remember and the one they liked. Even 
though the respondents, on average, did not respond to the 
word associations as well as they did on cognitive 
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passwords, almost twice as many respondents scored at the 
high end (90% or better) on the word associations than they 
did on cognitive passwords. 

Both authentication by word association and cognitive 
passwords provide better security than traditional password 
systems. They are user-friendly and offer ease of 
memorability. Implementation of and continued research into 
these two methods should be encouraged. 
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APPENDIX 


THESIS QUESTIONNAIRES 

This appendix contains the three questionnaires Ql, Q2 
and Q3. 
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THESIS SURVEY; PASSWORDS. PASSPHRASES AND AUTHENTICATION 
METHODS 


PART A: PERSONAL INFORMATION 
Please answer the following questions: 

Sex (Circle one): Male Female 

SMC No._ or last 4 digits of your SS _ 

Number of years of computer usage:_ 

Type of computer(s) you have used prior to NPS (check any 
that apply): 

Microcomputer_ 

Microcomputer linked to a mainframe__ 

Mainframe terminal 


PART B: PASSWORDS AND PASSPHRASES 

For the purpose of this survey anytime you are requested 
to memorize something do not write it down. This is for all 
parts of this survey—passwords, passphrases, cognitive 
passwords and word association. 

1. Please create and write in the boxes below a password, up 
to eight alphanumeric characters. Please memorize and 
safeguard it as you normally do your passwords. As with 
other parts of this survey, you will later be asked to 
recall what you have been requested to memorize. 


2. How did you choose the password above? (Circle one) 

A. A meaningful detail (name, date, number, etc.) 

B. A combination of meaningful details (JIM1989, etc.) 

C. A randomly chosen combination of characters 

D. Other (please specify)_ 

3. The following password has been assigned to you for this 
study. Please memorize and safeguard it as you would any 
other password. This password is pronounceable, 

which may help you remember it. For instance, UN4TUNE8 
would be unfortunate. 
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4. A passphrase is a string of up to 80 alphanumeric 

characters. Theoretically, it is more secure than a 
normal password since it is unlikely that someone will 
guess it. The passphrase can be silly like "Susie sells 
seashells by the seashore," or it can be a quotation or a 
common phrase. Please construct a passphrase of your 
choice in the space below. Please memorize it and 
safeguard it as you would any other password. 


5. How did you choose your passphrase above? (Circle one) 

A. Nonsensical phrase that I can remember 

B. A quotation 

C. A piece of advice 

D. A common phrase 

E. Other (please specify)_ 


PART C: COGNITIVE PASSWORDS 


Cognitive passwords suggest the use of fact, interest and 
opinion-based cognitive data, that are known only to the user 
as an authentication mechanism. Please answer the following 
questions using a maximum of 20 characters. 

1. What is the name of the elementary school from which you 

graduated? _ 

2. What is the first name of your favorite uncle? _ 

3. What is the first name of your best friend in high 
school? 


4. What is your mother's maiden name? _ 

5. What was the first name of your first boyfriend/ 

girlfriend? _ 

6. What was the name of your favorite class in high school? 


7. What is the name of your favorite music performer or 
group? _ 

9. What is the name of your favorite vacation place? 
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10 . 


11 . 


12 . 


13. 


14. 


15. 


16. 


17. 


18. 


19. 

20 . 


If you could travel to any country in the world, which 
would it be? _ 

What is the last name of your favorite actor or 
actress? _ 

What is your favorite flower? _ 

What is your favorite dessert? _ 

What is your favorite vegetable? _ 

What is your favorite fruit? _ 

What is your favorite color? _ 

If you could change occupations, which new occupation 
would you choose? _ 

What is the name of your favorite restaurant 


What is the occupation of your father? 


What is the last name of your favorite college 
instructor? 


PART D: WORD ASSOCIATION 


Another form of access control is a challenge-and- 
response query after a user has logged on. When the user 
correctly responds to the queries, the system ensures that it 
is the authorized user who has logged on. One such method is 
a series of word associations. Each user creates 20 word 
associations peculiar to him. For instance a user could 
decide to set up a table composed of queries that remind him 
of musical artists. The partial table is listed: 


QUERY 

Virgin 

Deaf 

Eliminator 

Glasses 

Lips 


RESPONSE 

Madonna 

Beethoven 

ZZTop 

Elton_John 

Mick_Jagger 


So, after initial logon, the system would query: Glasses? 
The authentic user would then respond: EltonJohn 
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1. Now construct a set of word associations for yourself. 
Please list 20 associations. While it is helpful for 
memory purposes to use one theme throughout it is not 
mandatory. Here are some other suggestions for possible 
themes: comic strips, authors, TV shows, movies, family 

members. 

QUERY RESPONSE 

1 ._ _ 

2._ _ 

3. _ _ 

4. _ _ 

5. _ _ 

6. _ _ 

7. _ _ 

8. _ _ 

9. _ _ 

10. _ _ 

11._ _ 

12._ _ 

13. _ _ 

14. _ _ 

15. _ _ 

16. _ _ 

17. _ _ 

18. _ _ 

19. _ _ 

20. 


Theme (if any)_ 

2. Now rewrite the queries onto the survey for your spouse 
or friend to fill out. The instructions on how to 
administer the survey to your spouse or friend is on that 
survey, as well as the directions on where to return that 
survey when it is complete. 


67 





Cognitive passwords suggest the use of fact, interest and 
opinion-based cognitive data, that are known only to the user 
as an authentication mechanism. Please answer the following 
questions, using a maximum of 20 characters, the way you 
think the person who gave you this survey answered them. 


1. What is the name of the elementary school from which 

he/she graduated? _ 

2. What is the first name of his/her favorite uncle? 


3. What is the first name of his/her best friend in high 

school? _ 

4. What is his/her mother's maiden name? _ 

5. What was the first name of his/her first boyfriend/ 

girlfriend? _ 

6. What was the name of his/her favorite class in high 

*■ nhool? _ 

7. What is the name of his/her favorite music performer or 

group? _ 

8. What is his/her favorite type of music? _ 

9. What is the name of his/her favorite vacation place? 


10. If he/she could travel to any country in the world, 

which would it be? _ 

11. What is the last name of his/her favorite actor or 

actress? _ 

12. What is his/her favorite flower? _ 

13. What is his/her favorite dessert? _ 

14. What is his/her favorite vegetable? _ 
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15. What is his/her favorite fruit? _ 

16. What is his/her favorite color? _ 

17. If he/she could change occupations, which new occupation 

would he/she choose? _ 

18. What is the name of his/her favorite restaurant? 


19. What is the occupation of his/her father? 


20. What is the last name of his/her favorite college 
instructor? _ 


PART B: WORD ASSOCIATION 


A form of computer access control is a challenge-and- 
response query after a user has logged on. When the user 
correctly responds to the queries, the system ensures it is 
the authorized user who has logged on. One such method is 
the use of a series of word associations. Each user creates 
20 word associations peculiar to him. For instance, a user 
could create queries that remind him of musical artists. For 
example: 


QUERX 

Virgin 

Deaf 

Eliminator 

Glasses 

Lips 


RESPONSE 

Madonna 

Beethoven 

ZZTop 

Elton_John 

Mick_Jagger 


So, after initial logon, the system would query: Glasses? 
The authentic user would respond: Elton_John 


The person who presented you with this survey has created 
a table of 20 word associations. The queries are listed 
below and continue onto the next page. In column A of the 
responses, try to guess what the correct response to each 
query is supposed to be. When you are finished, ask if there 
was any theme to the 20 associations. Then he or she will 
tell you if their associations had a theme and if so what it 
was. Now try to see how many more correct responses you can 
get in column B. 
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COLUMN A 
QUERY RESPONSE 

1 ._ _ 

2.__ 

3. _ _ 

4. _ _ 

5. _ _ 

6. _ _ 

7. _ _ 

8. _ _ 

9._ _ 

10._ _ 

11._ _ 

12._ _ 

13. _ _ 

14. _ _ 

15. _ _ 

16. __ _ 

17. _ _ 

18. _ _ 

19. _ _ 

20. 


COLUMN B 
RESPONSE 


Please return this form to either Mark Beedenbender (SMC No. 
1749), your instructor or to Professor Zviran 1-310 (or his 
mailbox on the second deck of Ingersoll). 
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METHODS 

PART A: PERSONAL INFORMATION 

SMC No._ or last 4 digits of your SSN_ 

PART B: PASSWORDS AND PASSPHRASES 

Earlier this quarter you were askc.<; to memorize several 
passwords and a passphrase. This survey will test your 
recall of those passwords and passphrase. 

1. Please create and write in the boxes below a password, up 
to eight alphanumeric characters. Use the same password 
you used at the beginning of the quarter. 


2. How did you remember the password above? (Circle one) 

A. I did write it down because I knew that would be the 
only way I could remember it. 

B. I just remembered it. 

C. It is the only password I ever use so it was easy to 
remember. 

D. Other (please specify) _ 

3. Please enter the password that was assigned to you for 
this study in the boxes below. 


4. How did you remember the password above? (Circle one) 

A. Since it was pronounceable, it was easy to remember. 

B. I just remembered it. 

C. I did write it down because I knew that would be the 
only way I could remember it. 

D. Other (please specify) _ 

5. Please enter the passphrase that you chose at the 
beginning of the quarter in the space below. 
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6. How did you remember your passphrase above? (Circle one) 

A. I did write it down because I knew that would be the 
only way I could remember it. 

B. I just remembered it. 

C. It's a phrase I use over and over again so it was 
easy to remember. 

D. Other (please specify) _ 


PART C: COGNITIVE PASSWORDS 

Please answer the following questions using a maximum of 20 
characters. 

1. What is the name of the elementary school from which you 
graduated? _ 


2. What is the first name of your favorite uncle? 


3. What is the first name of your best friend in high 
school? 


4. What is your mother's maiden name? _ 

5. What was the first name of your first boyfriend/ 

girlfriend? _ 


6. What was the name of your favorite class in high school? 


7. What is the name of your favorite music performer or 
group? _ 


8. What is your favorite type of music? _ 

9. What is the name of your favorite vacation place? 


10. If you could travel to any country in the world, which 
would it be? 


11. What is the last name of your favorite actor or 
actress? 


12. What is your favorite flower? 

13. What is your favorite dessert? 

14. What is your favorite vegetable? 
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15. What is your favorite fruit? _ 

16. What is your favorite color? _ 

17. If you could change occupations, which new occupation 

would you choose? _ 

18. What is the name of your favorite restaurant? 

19. What is the occupation of your father? _ 

20. What is the last name of your favorite college 

instructor? _ 

PART D: WORD ASSOCIATION 

1. Try to reconstruct the set of word associations that you 
made for yourself at the beginning of the quarter. There 
were 20 associations. 

QUERY 

1 ._ 

2._ 

3. _ 

4. _ 

5. _ 

6 . _ 

7. _ 

8. _ 

9. _ 

10. _ 

11._ 

12._ 

13. _ 

14. _ 

15. _ 

16. ' 

17. _ 

18. 
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THESIS QUESTIONNAIRE—AUTHENTICATION BY WORD ASSOCIATION 


SMC NO. 


or your last 4 digits of your SSN 


Listed below are the 20 queries that you created at the 
beginning of the quarter. In column A of the responses, try 
to guess what the correct response to each query is supposed 
to be. If you are unable to respond to all of the queries 
ask the person who is administering the questionnaire if 
there was any theme for the 20 associations. Now try to see 
how many more correct responses you can get writing your 
responses in column B. 


QUERY 

1 ._ 

2._ 

3. _ 

4. _ 

5. _ 

6 . _ 

7. _ 

8 . _ 

9._ 

10 ._ 

11._ 

12._ 

13. _ 

14. _ 

15. _ 

16 . _ 

17. _ 

18 . _ 

19. _ 

20. 


COLUMN A COLUMN B 

RESPONSE RESPONSE 
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1- In this survey, you saw five different authentication 

methods. Please rank these methods according to how easy 
it was to remember the method. Use a ranking scale where 
"1" is the easiest to remember, while "5" would be the 
most difficult to remember. Use each number, 1 through 
5, only once. 


RANK 


Personally selected passwords 
System generated passwords 
Passphrases 
Cognitive passwords 
Authentication by word association 


2. Now rank the methods according to how you liked them. 
This time "l" would stand for your most favorite, while 
your least favorite would be "5." Again, use each 
number, 1 through 5, only once. 

RANK 


Personally selected passwords 
System generated passwords 
Passphrases 
Cognitive passwords 
Authentication by word association 
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